Rsyslog can be configured to receive logs from the network and store them in a structured way;
that is what this article shows. I am using Debian Linux machines here.
Central server configuration
rsyslog.conf:
– Here we use the rsyslog modules imudp and imtcp, which allow the server to listen for rsyslog client connections.
– We use a template "remote-logs" to create the log file name and its path dynamically.
– We apply the "remote-logs" template only if the sending host's IP is not that of the local server (127.0.0.1).
Client server configuration
rsyslog.conf:
A dedicated configuration file can be created, for example to change the spool folder, so that the main configuration file rsyslog.conf does not have to be modified.
To do this, we add this file: /etc/rsyslog.d/01-client.conf
– The client sends its logs to the IP [rsyslog_server].
– The spool folder used (for Apache logs, for example) is: /var/log/rsyslogspools
– A quota of 1G is set on it.
In the case of an Apache service, you have to tell rsyslog where to fetch the data, which it then sends to the remote rsyslog server: [rsyslog_server]
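The server and client settings described above, written out in rsyslog's RainerScript syntax as an added example that is not the author's original configuration. Port 514, TCP forwarding, the /var/log/remote layout, the file modes, the Apache log path, tag and facility, and the queue file name are assumptions; [rsyslog_server] is the article's placeholder.

```conf
# ---- Central server: /etc/rsyslog.conf (added example) ----
# Listen for client connections on UDP and TCP (port 514 is an assumption).
module(load="imudp")
input(type="imudp" port="514")
module(load="imtcp")
input(type="imtcp" port="514")

# "remote-logs" builds the file path per message. The directory layout is an
# assumption. fromhost-ip is filled in by the receiving server, and
# secpath-replace turns any "/" in the client-supplied program name into "_".
template(name="remote-logs" type="string"
         string="/var/log/remote/%fromhost-ip%/%programname:::secpath-replace%.log")

# Apply the template only to messages that did not come from the server itself.
if $fromhost-ip != '127.0.0.1' then {
    action(type="omfile" dynaFile="remote-logs"
           dirCreateMode="0750" fileCreateMode="0640")
    stop    # optional: keeps remote messages out of the server's own log files
}

# ---- Client: /etc/rsyslog.d/01-client.conf (added example) ----
# Spool folder named in the article; the directory must exist on the client.
global(workDirectory="/var/log/rsyslogspools")

# Apache: read the access log (Debian default path, tag and facility assumed).
module(load="imfile")
input(type="imfile" File="/var/log/apache2/access.log"
      Tag="apache-access:" Severity="info" Facility="local6")

# Forward everything to the central server. Replace [rsyslog_server] with its
# IP. The disk-assisted queue spools under workDirectory while the server is
# unreachable, capped at the 1G quota.
action(type="omfwd" target="[rsyslog_server]" port="514" protocol="tcp"
       queue.type="LinkedList" queue.filename="fwd_central"
       queue.maxDiskSpace="1g" queue.saveOnShutdown="on"
       action.resumeRetryCount="-1")
```

Running `rsyslogd -N1` on each machine checks the configuration syntax before the service is restarted.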
And there you go!